Sun ONE Directory Server 5.2 Deployment Guide
Contents
Purpose of This Guide
Prerequisites
Typographical Conventions
Default Paths and Filenames
Downloading Directory Server Tools
Suggested Reading
Part 1 Directory Server Design
Chapter 1 Directory Server Design and Deployment Overview
Directory Design Overview
Design Process Outline
Directory Deployment Overview
Chapter 2 Planning and Accessing Directory Data
Introduction to Directory Data
What Your Directory Might Include
Defining Your Directory Needs
What Your Directory Should Not Include
Accessing Your Directory Data with DSML over HTTP/SOAP
DSMLv2 Over HTTP/SOAP Deployment
Performing a Site Survey
Identifying the Applications That Use Your Directory
Identify How Applications Will Access Your Directory
Identifying Data Sources
Characterizing Your Directory Data
Determining Directory Availability Requirements
Considering a Data Master Server
Determining Data Ownership
Determining Data Access
Documenting Your Site Survey
Repeating the Site Survey
Chapter 3 Designing the Schema
Sun ONE Directory Server Schema
Schema Design Process Overview
Mapping Your Data to the Default Schema
Viewing the Default Directory Schema
Customizing the Schema
Matching Data to Schema Elements
When to Extend Your Schema
Maintaining Data Consistency
Getting and Assigning Object Identifiers
Naming Attributes and Object Classes
Strategies for Defining New Object Classes
Strategies for Defining New Attributes
Deleting Schema Elements
Creating Custom Schema Files - Best Practices and Pitfalls
Schema Checking
Other Schema Resources
Selecting Consistent Data Formats
Maintaining Consistency in Replicated Schema
Chapter 4 Designing the Directory Tree
Introduction to the Directory Tree
Designing Your Directory Tree
Choosing a Suffix
Grouping Directory Entries and Managing Attributes
Creating Your Directory Tree Structure
Naming Entries
Static and Dynamic Groups
Directory Tree Design Examples
Managed, Filtered, and Nested Roles
Role Enumeration and Role Membership Enumeration
Role Scope
Role Limitations
Deciding Between Groups and Roles
Managing Attributes with Class of Service (CoS)
About CoS
CoS Definition Entries and CoS Template Entries
CoS Priorities
Pointer CoS, Indirect CoS, and Classic CoS
CoS Limitations
Directory Tree for an International Enterprise
Other Directory Tree Resources
Directory Tree for an ISP
Chapter 5 Designing the Directory Topology
Topology Overview
Distributing Your Data
Using Multiple Databases
About Referrals and Chaining
About Suffixes
Using Referrals
Using Chaining
Deciding Between Referrals and Chaining
Chapter 6 Designing the Replication Process
Introduction to Replication
Replication Concepts
Common Replication Scenarios
Single-Master Replication
Defining a Replication Strategy
Multi-Master Replication
Cascading Replication
Mixed Environments
Fractional Replication
Replication Backward Compatibility
Using Replication with Other Directory Features
Replication Survey
Replication Resource Requirements
Using Replication for High Availability
Using Replication for Local Availability
Using Replication for Load Balancing
Example Replication Strategy for a Small Site
Example Replication Strategy for a Large Site
Replication Strategy for a Large, International Enterprise
Replication and Access Control
Replication Monitoring
Replication and Directory Server Plug-Ins
Replication and Chained Suffixes
Schema Replication
Replication and Multiple Password Policies
Chapter 7 Designing a Secure Directory
About Security Threats
Unauthorized Access
Analyzing Your Security Needs
Unauthorized Tampering
Denial of Service
Determining Access Rights
Overview of Security Methods
Ensuring Data Privacy and Integrity
Conducting Regular Audits
Example Security Needs Analysis
Selecting Appropriate Authentication Methods
Anonymous Access
Preventing Authentication by Account Inactivation
Simple Password
Proxy Authorization
Simple Password Over a Secure Connection
Certificate-Based Client Authentication
SASL-Based Client Authentication
Designing Your Password Policies
Password Policy Features
Designing Access Control
Configuring Your Password Policies
Designing an Account Lockout Policy
Designing Password Policies in a Replicated Environment
About the ACI Format
Securing Connections With SSL
Default ACIs
Deciding How to Set Permissions
Requesting Effective Rights Information
Tips on Using ACIs
ACI Limitations
Encrypting Attributes
What is Attribute Encryption?
Grouping Entries Securely
Attribute Encryption Implementation
Attribute Encryption and Performance
Attribute Encryption Usage Considerations
Using Roles Securely
Securing Configuration Information
Using CoS Securely
Other Security Resources
Chapter 8 Monitoring Your Directory
Defining a Monitoring and Event Management Strategy
Directory Server Monitoring Tools
Directory Server Monitoring
Monitoring Directory Server Activity
SNMP Monitoring
Monitoring Database Activity
Monitoring Disk Status
Monitoring Replication Activity
Monitoring Indexing Efficiency
Monitoring Security
About SNMP
SNMP Monitoring in Sun ONE Directory Server
Part 2 Directory Server Deployment Scenario and Reference Architectures
Chapter 9 Banking Deployment Scenario
Business Challenge
Deployment Context and Replication Topology
Deployment Context
Performance Requirements
Replication Topology
User Demands
Schema, Data, and Directory Information Tree Design
Hardware Guidelines
Schema
Security Considerations
Data
Directory Information Tree
Implementation
Chapter 10 Architectural Strategies
Addressing Failure and Recovery
Planning a Backup Strategy
Choosing a Backup Method
Sample Replication Topologies
Choosing a Restoration Method
Single Data Center
Two Data Centers
Three Data Centers
Five Data Centers
Single Data Center Using the Retro Change Log Plug-In
Appendix A Accessing Data Using DSMLv2 Over HTTP/SOAP
An Empty Anonymous DSML "Ping" Request
A DSML Request Issuing a User Binding
A DSML Search Request